Custom Login Module in JBOSS -- How To Make it Work ?

I am at my wits end trying to configure a Custom Login Module(extending UserNamePasswordLOginModule) in JBOSS AS 4.2.2.

I have made an entry in Login-config.xml, jboss-web.xml, web.xml, auth.conf. Placed the Custom Login Module in an jar in the $JBOSS_HOME/server/default/lib directory. Added the entry in JBOSS_CLASSPATH.(I also feel this might be the problem, as the class is not getting loaded at startup)

Whenever I try to invoke it , I have no luck at all and I get this error and not sure how to debug it.

[CoyoteAdapter] An exception or error occurred in the container during the request processingjava.lang.ArrayIndexOutOfBoundsException: 20 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:579) at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603) at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537) at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344) at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491) at org.jboss.web.tomcat.security.GenericHeaderAuthenticator.authenticate(GenericHeaderAuthenticator.java:88) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:437) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:381) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:595)

Placing the jar file containing the classes that implement the custom login module in the server/xxx/lib directory should be sufficient - you do not need to add it to JBOSS_CLASSPATH. In fact, you should remove the jar from JBOSS_CLASSPATH.

Please post the entry that you made in the login-config.xml file, and the security information in the web.xml and jboss-web.xml files.

Finally, one way to double-check this is to change your custom login module to use the plain UserNamePasswordLoginModule class and see if that works. If it does, your configuration is correct but your classes are at fault. If it does not work, then your configuration is at fault.